Tuesday, October 4, 2011

"...people running DroidSheep can use victims' accounts, gaining access to sites that don't use a secured and encrypted SSL connection..."

DroidSheep is a freely available app that allows you to steal session information for web sites that are not well secured. Using DroidSheep you can make your phone look like the network router so all external network requests pass through it. DroidSheep will then identify different web sessions and show you which ones are most likely to be exploitable. You can check out the source link to see a video of how it works.

This app makes stealing information look easy. Keep that in mind the next time you enter sensitive information on a web site. Make sure your session is encrypted. You can look for the "HTTPS" at the beginning of a URL to make sure at least basic security is in place. Most browsers also have an indicator that will let you know when a connection is secure. Google actually removed DroidSheep from the Android Market, but it's still available on the developer's web site. If you use it, you're responsible for your actions.
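For site operators, the same advice means a session cookie should never travel over an unencrypted connection. The check below is an added example, not part of the original post: the function name `audit_response`, the hosts and the cookie values are constructed for illustration, and it assumes the session is carried in a cookie, flagging cookies without the `Secure` attribute and HTTPS responses without an HSTS header.

```python
from urllib.parse import urlsplit

def audit_response(url, headers):
    """Return findings for one HTTP response.

    url     -- the URL that was requested
    headers -- list of (name, value) tuples from the response
    """
    findings = []
    https = urlsplit(url).scheme.lower() == "https"
    if not https:
        findings.append("page served over plain HTTP")
    has_hsts = False
    for name, value in headers:
        lname = name.lower()
        if lname == "strict-transport-security":
            has_hsts = True
        elif lname == "set-cookie":
            parts = [p.strip() for p in value.split(";")]
            cookie_name = parts[0].split("=", 1)[0]
            # Attribute names are case-insensitive; the cookie value is skipped.
            attrs = {p.split("=", 1)[0].lower() for p in parts[1:] if p}
            if "secure" not in attrs:
                findings.append(
                    f"cookie '{cookie_name}' lacks Secure: also sent over HTTP")
    # Browsers ignore HSTS received over plain HTTP, so only check HTTPS.
    if https and not has_hsts:
        findings.append("no Strict-Transport-Security header on HTTPS response")
    return findings

# Constructed sample responses (not captured from real sites).
SAMPLES = [
    ("http://shop.example/login",
     [("Set-Cookie", "SESSIONID=abc123; Path=/; HttpOnly")]),
    ("https://bank.example/login",
     [("Strict-Transport-Security", "max-age=31536000"),
      ("Set-Cookie", "sid=xyz789; Path=/; Secure; HttpOnly")]),
    ("https://mail.example/",
     [("Set-Cookie", "sid=secure-looking-value; Path=/")]),
]

if __name__ == "__main__":
    for url, headers in SAMPLES:
        print(url, audit_response(url, headers) or "ok")
```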